If you are a Linux geek like me you probably have a text file in your home directory with all your favorite command line ‘fu tricks. I thought I would share some of the ones I have collected over the years which can come in useful for remote servers where the only access you have is via ssh.
The first one uses Apache’s bench marking tool which should come default with almost all Apache installs. This tool is easy to run and can provide a wealth of information.
There are 2 flags which we can set depending on our needs.
-n 9000 : Number of requests to perform for the benchmarking session
-c 900 : Number of multiple requests to perform at a time
Benchmark our Apache web server:
- r00t@infected ~ $ sudo ab -n 9000 -c 900 192.168.1.100/index.php
- This is ApacheBench, Version 2.3 <$Revision: 655654 $>
- Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
- Licensed to The Apache Software Foundation, http://www.apache.org/
- Benchmarking 192.168.1.100 (be patient)
- Completed 900 requests
- Completed 1800 requests
- Completed 2700 requests
- Completed 3600 requests
- Completed 4500 requests
- Completed 5400 requests
- Completed 6300 requests
- Completed 7200 requests
- Completed 8100 requests
- Completed 9000 requests
- Finished 9000 requests
- Server Software: Apache
- Server Hostname: 192.168.1.100
- Server Port: 80
- Document Path: /index.php
- Document Length: 207 bytes
- Concurrency Level: 900
- Time taken for tests: 1.432 seconds
- Complete requests: 9000
- Failed requests: 0
- Write errors: 0
- Non-2xx responses: 9000
- Total transferred: 3339000 bytes
- HTML transferred: 1863000 bytes
- Requests per second: 6285.54 [#/sec] (mean)
- Time per request: 143.186 [ms] (mean)
- Time per request: 0.159 [ms] (mean, across all concurrent requests)
- Transfer rate: 2277.28 [Kbytes/sec] received
- Connection Times (ms)
- min mean[+/-sd] median max
- Connect: 0 0 1.8 0 12
- Processing: 2 33 148.4 17 1418
- Waiting: 2 33 148.4 17 1418
- Total: 14 34 149.5 17 1429
- Percentage of the requests served within a certain time (ms)
- 50% 17
- 66% 17
- 75% 17
- 80% 17
- 90% 17
- 95% 18
- 98% 26
- 99% 1420
- 100% 1429 (longest request)
I wont go into what every thing means however this can be very useful in tracking down web server issues.
Another useful bit of code can help us check our download speed on a remote server:
- r00t@infected ~ $ echo $(date +%s) > start-time; URL=http://www.google.com; while true; do echo $(curl -L --w %{speed_download} -o/dev/null -s $URL) >> bps; sleep 10; done &amp;amp;
- [5] 10814
Get your external IP address:
- r00t@infected ~ $ curl -s 'http://checkip.dyndns.org' | sed 's/.*Current IP Address: \([0-9\.]*\).*/\1/g'
- 67.18.189.254
Calculate the number of established connections on a server:
- r00t@infected ~ $ netstat -an | awk '$1 ~ /[Tt][Cc][Pp]/ &amp;amp;&amp;amp; $NF ~ /ESTABLISHED/{i++}END{print "Connected:\t", i}'
- Connected: 2
Show which applications are using the internet:
- r00t@infected ~ $ netstat -lantp | grep -i establ | awk -F/ '{print $2}' | sort | uniq
- (Not all processes could be identified, non-owned process info
- will not be shown, you would have to be root to see it all.)
- irssi
- thunderbird-bin
Show all established connections on port 80 on a web server by IP:
- r00t@infected ~ $ netstat -ant | grep :80 | grep ESTABLISHED | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n
- 1 216.137.39.92
- 1 72.14.209.101
- 1 74.125.47.156
- 1 74.125.65.95
- 1 74.125.67.154
- 2 216.137.39.109
- 2 72.14.209.102
- 5 216.137.39.65
- 6 216.137.39.181
- 6 216.137.39.73
When was the OS installed:
- r00t@infected ~ $ ls -lct /etc/ | tail -1 | awk '{print $6, $7, $8}'
- Sep 23 12:07
List of reverse DNS records for a IP or a subnet:
- r00t@infected ~ $ sudo nmap -R -sL 67.18.189.254 | awk '{if($3=="not")print"("$2") no PTR";else print$3" is "$2}' | grep '('
- (67.18.189.254) is fe.bd.1243.static.theplanet.com
Check which files are wasting diskspace:
- r00t@infected ~ $ du -aB1m|awk '$1 >= 100'
I have lots more but I will save those for another post.